Ask Your Question
0

Unable to run VNC due to consoleauth failing

asked 2014-06-23 04:08:46 -0600

I did a new installation of icehouse using the community puppet modules. I can spawn all the instaces perfectly but I can't get the VNC to work.

The auth token that I get from "nova get-vnc-console" command is invalid.

In the /var/log/nova/consoleauth.log logs, I see,

2014-06-20 14:57:32.191 16413 AUDIT nova.consoleauth.manager
[req-74cc0ef5-a351-42aa-91d0-20e43406bdfe
75163482f69e4f08b6b6b979dd119d38 36a2a12555fd43a393b2be77411a87c7]
Received Token: 75f20d26
-c900-47a2-9a05-6f8c7e9f581a, {'instance_uuid':
u'd5294870-eb75-4233-8118-1c376d03a10b', 'internal_access_path': None,
'last_activity_at': 1403276252.18894, 'console_type': u'novnc',
'host': u'compute-node-ip', 'token':
u'75f20d26-c900-47a2-9a05-6f8c7e9f581a', 'port': u'5900'}
2014-06-20 14:57:32.197 16413 INFO oslo.messaging._drivers.impl_qpid
[-] Connected to AMQP server on controller-1:5672

2014-06-20 14:57:37.879 16413 AUDIT nova.consoleauth.manager
[req-ba54c44b-c536-4155-b4e7-c06a4a46e5e3 None None] Checking Token:
75f20d26-c900-47a2-9a05-6f8c7e9f581a, False

And in the novncproxy logs, I see:

WebSocket server settings:
  - Listen on controller-1:6080
  - Flash security policy server
  - Web server. Web root: /usr/share/novnc
  - No SSL/TLS support (no cert file)
  - proxying from controller-1:6080 to ignore:ignore

  3: 172.16.26.59: Plain non-SSL (ws://) WebSocket connection
  3: 172.16.26.59: Version hybi-13, base64: 'True'
  3: 172.16.26.59: Path: '/websockify'
  3: handler exception: Invalid Token
  4: 172.16.26.59: ignoring socket not ready
  2: 172.16.26.59: ignoring empty handshake

So, it clearly means that novncproxy refuses to serve the connection due to getting a wrong token as verified by consoleauth daemon.

Also, I get this error in "Console" of Google Chrome if that helps.

New state 'failed', was 'ProtocolVersion'. Msg: Failed to connect to
server (code: 1006) util.js:111

Util.Errorutil.js:111
RFB.updateStaterfb.js:430
RFB.failrfb.js:520
(anonymous function)rfb.js:250
websocket.onclose

Can anyone help with what might be wrong?

edit retag flag offensive close merge delete

3 answers

Sort by ยป oldest newest most voted
1

answered 2014-08-22 05:52:24 -0600

Moss gravatar image

updated 2014-08-24 14:17:09 -0600

Hello, I've managed to solve it - i had an error in nova.conf regarding memcached.

I changed memcached to listen on eth0 but i forgot to update nova.conf:

root@controller1:~# netstat -lntup | grep 11211
tcp        0      0 controller1:11211       0.0.0.0:*               LISTEN      1260/memcached

Was:

root@controller1:~# grep ^memcached_servers /etc/nova/nova.conf
memcached_servers=localhost:11211,controller2:11211

It should be:

root@controller1:~# grep ^memcached_servers /etc/nova/nova.conf
memcached_servers=controller1:11211,controller2:11211

I just ran into this myself. Pretty much the exact same thing in an HA active-active setup. Are you running multiple instances of consoleauth?

I also ran into this in icehouse and previously in havana - ugly workaround was to use "Click here to show only console" or stop redundant consoleauth:

root@controller1:~# nova-manage service list
Binary           Host                                 Zone             Status     State Updated_At
nova-consoleauth controller1                          internal         enabled    :-)   2014-08-22 10:46:15
nova-cert        controller1                          internal         enabled    :-)   2014-08-22 10:46:14
nova-scheduler   controller1                          internal         enabled    :-)   2014-08-22 10:46:14
nova-conductor   controller1                          internal         enabled    :-)   2014-08-22 10:46:11
nova-compute     compute1                             nova             enabled    :-)   2014-08-22 10:46:15
nova-consoleauth controller2                          internal         enabled    XXX   2014-08-22 10:46:15
nova-cert        controller2                          internal         enabled    :-)   2014-08-22 10:46:14
nova-scheduler   controller2                          internal         enabled    :-)   2014-08-22 10:46:14
nova-conductor   controller2                          internal         enabled    :-)   2014-08-22 10:46:11
nova-compute     compute1                             nova             enabled    :-)   2014-08-22 10:46:15
edit flag offensive delete link more

Comments

Thanks I had to same issue, I had three controllers in HA, but I have not added memcached_servers. Editing nova.conf and restarting the services on controller node, fixed the issue for me.

Ashish Chandra gravatar imageAshish Chandra ( 2015-04-27 09:35:50 -0600 )edit
0

answered 2014-07-09 02:15:52 -0600

I just ran into this myself. Pretty much the exact same thing in an HA active-active setup.

Are you running multiple instances of consoleauth? By reading the code, I noticed that consoleauth uses memory cache to store access tokens. In my case, I didn't have memcache configured, so it used some other default memory cache instead.

Now when one consoleauth instance stored the credential, it was only stored locally, and the other instance didn't see it. For some reason it happened that the instance that stored the token never checked it.

At least this part seems to indicate that the token that was checked did not exist in the memory cache (the ..., False part)

2014-06-20 14:57:37.879 16413 AUDIT nova.consoleauth.manager
[req-ba54c44b-c536-4155-b4e7-c06a4a46e5e3 None None] Checking Token:
75f20d26-c900-47a2-9a05-6f8c7e9f581a, False

I configured nova on my two frontend nodes to use memcache on both nodes, and this seemed to solve the issue.

edit flag offensive delete link more

Comments

Would you need to add memcache info on the compute nodes as well?

bgyako gravatar imagebgyako ( 2014-09-08 12:26:14 -0600 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

3 followers

Stats

Asked: 2014-06-23 04:08:46 -0600

Seen: 5,327 times

Last updated: Aug 24 '14